Travel Team Albania – Comprehensive Privacy Policy 2025

🔒 Travel Team Albania – Comprehensive Privacy Policy 2025

Effective Date: June 16, 2023

Last Updated: June 16, 2025

At Travel Team Albania, your trust is paramount. We are committed to protecting the privacy of our users, visitors, and clients with the highest level of care and transparency. This Privacy Policy details how Travel Team Albania (Amarildo Veizi P.F.), a licensed Destination Management Company, processes your Personal Data. We operate in strict compliance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Contact Details of the Data Controller

The Data Controller responsible for the processing of your Personal Data is:

Detail	Information
Legal Entity	Travel Team Albania (Amarildo Veizi P.F.)
Registered Address	Rr. Barikadave 8, Tirane, Albania
Data Protection Officer (DPO) Contact	For all privacy and data protection inquiries.
Email	legal@travelteam.al (Recommended for legal/privacy matters)
General Contact	contact@travelteam.al
Phone/WhatsApp	+355 69 776 6055

2. Scope and Applicability of This Policy

This policy governs the processing of Personal Data collected from:

• Website Visitors: Individuals browsing our website and interacting with forms or cookies.
• Users/Clients: Individuals who make bookings, request services, or utilize our travel services.
• Account Holders: Users who register an account manually or via social login (Google, Facebook).

3. Categories of Personal Data We Collect

We only collect the data necessary to provide and improve our specialized travel services.

1. Core Identification & Passport Data (For Bookings)

Full name, date of birth, nationality, gender, and Passport or ID details (collected only when legally required for securing travel tickets, accommodation, or visa invitation letters).

1. Contact & Communication Data

Email address, phone number (including WhatsApp), and physical address (used for invoicing or document delivery).

1. Account & Authentication Data

Login credentials (email, password encrypted with hashing), and basic profile data retrieved via OAuth tokens for social login (name, profile image, email – never social login passwords).

1. Travel & Preference Data

Trip dates, destinations, room and dietary preferences, specific activity requests, and emergency contact details.

1. Payment Data

Billing address and payment status. Note: We do not store full credit/debit card numbers. All sensitive transaction data is securely handled by our PCI-compliant third-party payment processors (e.g., Stripe, PayPal).

1. Technical & Analytical Data

IP address, device information, browser type, operating system, geographical location data (if consented to), and data collected via Cookies and tracking technologies (session, preference, analytics).

4. Legal Basis for Processing (GDPR Article 6)

We process your data only when we have a valid legal ground to do so.

Purpose of Processing	Legal Basis (GDPR Article 6)
Confirming bookings, securing accommodation, transport, and delivering travel services.	Contractual Necessity (Article 6(1)(b))
Providing customer support, answering inquiries, and sending essential service updates.	Legitimate Interest (Article 6(1)(f))
Sending promotional offers, newsletters, and marketing materials.	Consent (Article 6(1)(a))
Registering and managing user accounts for secured access to services.	Contractual Necessity (Article 6(1)(b))
Issuing invoices, complying with tax and tourism laws, preventing fraud.	Legal Obligation (Article 6(1)(c))
Analyzing website usage and improving service functionality.	Legitimate Interest and Consent (for non-essential cookies)

5. Data Retention Period

We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements.

• Active Status: Data is retained as long as you have an active account or an ongoing booking.
• Legal Compliance: Data relevant to invoicing and legal compliance (e.g., booking records) is kept for a period of 5 years after the completion of the service, in line with Albanian commercial law.
• Marketing: Data is kept until you withdraw your consent (unsubscribe).

Upon the expiry of the retention period, your data is either securely deleted or rendered fully anonymized.

6. Disclosure and International Data Transfers

We only share your data when absolutely necessary for service delivery or legal compliance. We never sell, rent, or share your data for marketing purposes with any unrelated third parties.

1. Sharing for Service Delivery

Your Personal Data is shared with essential third parties for the execution of your trip:

• Hotels, local guides, transport companies, and partner tour operators (to finalize your itinerary).
• Payment processors (e.g., Stripe, PayPal) for secure transaction handling.
• Web hosting, CRM, and communication service providers (e.g., SendGrid) who act as Data Processors under our instruction.
• Governmental authorities (only when legally required, such as visa support or law enforcement requests).

1. International Transfers

We strive to process data within the EEA. However, if data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, typically through the use of Standard Contractual Clauses (SCCs) approved by the European Commission, or by transferring to a country deemed “adequate” by the EU Commission.

1. Bookings via Third-Party Resellers

If you booked a service through an external platform (e.g., TripAdvisor, GetYourGuide, TourRadar) or an external agency, their respective Privacy Policies will govern data collected on their platforms. While we fully support your GDPR rights regarding data processed directly by Travel Team Albania, we advise you to review their terms and contact them directly for requests related to their platform data.

7. Data Security Measures

We have implemented robust technical and organizational security measures designed to protect your Personal Data against unauthorized access, destruction, or disclosure:

• Encryption: Secure Socket Layer (SSL) encryption for data transmission and password hashing/salting.
• Access Control: Strict Role-Based Access Control (RBAC) limits internal staff access to data based on job necessity.
• Compliance: Hosting on GDPR-compliant servers and regular security audits.

In the unlikely event of a data breach, we commit to notifying affected users and the Albanian Information and Data Protection Commissioner within 72 hours of becoming aware of the incident, where required by law.

8. Your Data Protection Rights Under GDPR (Chapter 3)

As a data subject, you have the following rights concerning your Personal Data. To exercise any of these rights, please contact us at legal@travelteam.al. We will respond to your verified request within 30 days.

Your Right	Description
Right to Access	You have the right to request copies of your Personal Data we hold.
Right to Rectification	You have the right to request that we correct any inaccurate or incomplete data.
Right to Erasure	You can request the deletion of your Personal Data (the ‘right to be forgotten’), subject to our legal and contractual retention obligations.
Right to Restriction of Processing	You can request that we limit the processing of your data under certain conditions.
Right to Object	You have the right to object to processing based on legitimate interest or for direct marketing.
Right to Data Portability	You have the right to receive your data in a structured, commonly used, and machine-readable format.
Right to Withdraw Consent	You have the right to withdraw any consent you previously gave for processing at any time.
Right to Complain	You have the right to file a complaint with the Albanian Information and Data Protection Commissioner if you are dissatisfied with our data handling.

9. Cookies and Tracking Technologies

Our website uses cookies (small data files stored on your device) to enhance functionality and analyze traffic.

• Essential Cookies: Necessary for website operation (e.g., maintaining user sessions).
• Non-Essential Cookies: Used for performance tracking and analytics (Google Analytics, Meta Pixel).

We request your explicit Consent before placing non-essential cookies. You can manage your cookie preferences or disable them entirely through your browser settings, though this may impact some site functionality.

10. Children’s Privacy

We do not knowingly collect Personal Data from children under the age of 16 without prior parental or guardian consent. If you believe we have inadvertently collected such data, please contact us immediately for its removal.

11. Updates to This Privacy Policy

This policy may be updated periodically to reflect changes in our services, legal requirements, or regulatory standards. Any updates will be posted on this page with a revised Last Updated date. We encourage you to review this policy periodically.